IETF Logo Mail Archive

Re: [Idr] FW: New Version Notification for draft-ietf-idr-bgp-open-policy-22.txt

Jeffrey Haas <jhaas@pfrc.org> Tue, 15 February 2022 14:48 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF1DC3A0D1B; Tue, 15 Feb 2022 06:48:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gcs_4jjQVezm; Tue, 15 Feb 2022 06:48:40 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id A1C8B3A0D0B; Tue, 15 Feb 2022 06:48:40 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id B24F91E341; Tue, 15 Feb 2022 09:48:39 -0500 (EST)
Date: Tue, 15 Feb 2022 09:48:39 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
Cc: "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "idr@ietf.org" <idr@ietf.org>, "Alvaro Retana (aretana)" <aretana@cisco.com>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, Susan Hares <shares@ndzh.com>, Alexander Azimov <a.e.azimov@gmail.com>
Message-ID: <20220215144839.GL15589@pfrc.org>
References: <164450039103.18823.6537348944134332594@ietfa.amsl.com> <SA1PR09MB81425A2C93A8B01D69ECF4C0842F9@SA1PR09MB8142.namprd09.prod.outlook.com> <20220210141346.GA28463@pfrc.org> <SA1PR09MB8142F6BCFCA2FAC557CE1F4E842F9@SA1PR09MB8142.namprd09.prod.outlook.com> <20220210160935.GD28463@pfrc.org> <SA1PR09MB814282B289F4061F72EBC356842F9@SA1PR09MB8142.namprd09.prod.outlook.com> <14670_1644570888_62062908_14670_192_1_f1ffc8e0bc5d417cbe88d57935bf4506@orange.com> <20220211145238.GH28463@pfrc.org> <SA1PR09MB8142DCF7B9B8982F5BBEE18084339@SA1PR09MB8142.namprd09.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <SA1PR09MB8142DCF7B9B8982F5BBEE18084339@SA1PR09MB8142.namprd09.prod.outlook.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/hYq5N3JD27BMvBCojzPUar-2MTw>
Subject: Re: [Idr] FW: New Version Notification for draft-ietf-idr-bgp-open-policy-22.txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Feb 2022 14:48:43 -0000

Sriram,

In a side conversation, Bruno points out RFC 7606 sense of malformed with
targeted actions is appropriate.  So, I withdraw my comment about not
calling these malformed.

Updated proposal follows:


On Mon, Feb 14, 2022 at 09:02:42PM +0000, Sriram, Kotikalapudi (Fed) wrote:
> > OLD:    If an eBGP speaker receives an UPDATE with an OTC Attribute with a
> >
> >    length different from 4 octets, then the UPDATE SHALL be considered
> >
> >    malformed.  If malformed, the UPDATE message SHALL be handled using
> >
> >    the approach of treat-as-withdraw [RFC7606<https://datatracker.ietf.org/doc/html/rfc7606><http://rfc7606%3Chttps//datatracker.ietf.org/doc/html/rfc7606%3E>]6>].
> >
> >
> >
> >    If an UPDATE with an OTC Attribute is received in iBGP, then the
> >
> >    Attribute or UPDATE SHALL NOT be considered malformed based on the
> >
> >    specified length.  This avoids treat-as-withdraw error handling and
> >
> >    prevents the possibility of long-lived forwarding loops in iBGP
> >
> >    (Section 6 in [RFC7606]<https://datatracker.ietf.org/doc/html/rfc7606#section-6><http://rfc7606]%3Chttps//datatracker.ietf.org/doc/html/rfc7606>)6>).  It also avoids Attribute-discard error
> >
> >    handling [RFC7606<https://datatracker.ietf.org/doc/html/rfc7606><http://rfc7606%3Chttps//datatracker.ietf.org/doc/html/rfc7606%3E>] and hence route leak detection capability is not
> >
> >    compromised in case the route is propagated to eBGP neighbors.
> >
> > NEW: <null>

NEW:

An OTC Attribute with a length that is not 4 octets SHALL be considered
malformed.  

An UPDATE message with a malformed OTC Attribute received from an eBGP peer
MUST be handled using the approach of "treat-as-withdraw".

When an UPDATE message with a malformed OTC Attribute is received from an
iBGP peer, the OTC message's value field SHOULD be ignored and considered
invalid.

Applying "treat-as-withdraw" behaviors to routes received via iBGP may lead
to forwarding loops. ([RFC 7606], Section 6.)  Retaining the malformed OTC
Attribute with an invalid value permits an adjacent AS to prevent route
leaks. 

> >
> > OLD:
> >
> >    2.  If a route with the OTC Attribute is received from a Peer (i.e.,
> >
> >        remote AS with a Peer Role) and the Attribute has a value that is
> >
> >        not equal to the remote (i.e., Peer's) AS number, then it is a
> >
> >        route leak and MUST be considered ineligible.
> >
> >
> > NEW:
> >
> >    2.  If a route with the OTC Attribute is received from a Peer (i.e.,
> >
> >        remote AS with a Peer Role) and the Attribute has a value that is
> >
> >        not equal to the remote (i.e., Peer's) AS number (including when the attribute value is not 4 octets), then it is a
> >
> >        route leak and MUST be considered ineligible.
> 
> 2.  If a route with the OTC Attribute is received from a Peer (i.e.,
> remote AS with a Peer Role) and the Attribute has a value that is
> not equal to the remote (i.e., Peer's) AS number, or the value is invalid,
> then it is a route leak and MUST be considered ineligible.

v2.23.0 | Report a Bug | By Email